Privacy Policy

How we handle your personal data

This Privacy Policy explains how MissaomochilasAdvisory (“we”, “us”, “our”) collects, uses and protects personal data in connection with the website Missaomochilas.com (“Website”) and our financial consulting services for businesses.

We are based in Milan, Italy and process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Data controller

The controller responsible for processing your personal data is:

MissaomochilasAdvisory
Ripa di Porta Ticinese, 7
20142 Milano MI, Italy
Email: Missaomochilas@gmail.com

If you have any questions about this Privacy Policy or our data practices, you can contact us using the details above.

Information we collect

2. Categories of personal data

The type of data we collect depends on how you interact with us – as a website visitor, prospective client, newsletter subscriber or existing client.

2.1 Contact and identification data

Such as:

  • First and last name
  • Business email address and phone number
  • Company name and role (e.g. owner, CEO, CFO)

2.2 Business & project information

Information you choose to share about your company and situation, for example:

  • Size and sector of your business
  • Financial and strategic challenges you describe
  • Notes from discovery calls and workshops, where relevant to our services

2.3 Technical & usage data

When you use the Website, we may collect:

  • IP address and approximate location (country or region)
  • Device type, browser and operating system
  • Pages visited, time spent on pages, clicks and navigation paths

This data is typically collected via cookies and similar technologies. For details, see our Cookie Policy.

2.4 Newsletter data

If you subscribe to our newsletter, we collect your email address and, optionally, information about your interests (e.g. topics and formats you prefer).

2.5 Client data

For active clients, we may process additional data under our engagement, such as:

  • Financial figures and forecasts
  • Management reports and internal documentation
  • Information about key stakeholders (e.g. owners, managers, advisors)

This data is processed according to the specific contract with your company and is not used for unrelated purposes.

Use of data

3. Purposes and legal bases

We use personal data only for specific, explicit and legitimate purposes. For each purpose, we rely on one or more legal bases under GDPR.

3.1 Providing our services

We process data to:

  • Respond to enquiries and clarify whether our services are a good fit.
  • Prepare, negotiate and perform consulting engagements with your company.
  • Communicate about workshops, meetings and deliverables.

Legal basis: performance of a contract or steps taken at your request prior to entering into a contract; legitimate interest in running and developing our business.

3.2 Communication and marketing

We may use your contact details to:

  • Answer questions submitted via the contact form.
  • Send newsletters or updates if you have subscribed or asked to receive them.
  • Inform existing clients about relevant changes to our services.

Legal basis: your consent (for newsletters and similar communications); legitimate interest in communicating with our clients and prospective clients.

3.3 Website operation and analytics

We use technical and usage data to:

  • Operate, maintain and secure the Website.
  • Analyse traffic and usage patterns to improve content and user experience.
  • Detect and prevent misuse or technical issues.

Legal basis: legitimate interest in operating a secure and effective website; your consent where required for non-essential cookies or similar technologies.

3.4 Legal and compliance

We may process personal data when necessary to comply with legal obligations, such as accounting, tax rules or responding to lawful requests from authorities.

Legal basis: compliance with legal obligations; legitimate interest in managing and defending our rights.

3.5 If you fail to provide data

If you choose not to provide certain information that we reasonably need to respond to your enquiry or perform a contract, we may not be able to provide our services or answer your questions in full.

Sharing

4. How we share personal data

We do not sell your personal data. We may share data with a limited number of trusted recipients where necessary for the purposes described above.

  • Service providers. For example, providers of hosting, email, analytics, customer relationship management, document storage and other tools that support our business.
  • Professional advisors. Such as lawyers, accountants or auditors, where reasonably necessary for advice or compliance.
  • Authorities and regulators. Where we are legally required to do so, or where disclosure is necessary to protect our rights or those of others.

Retention

5. How long we keep your data

We keep personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or to comply with legal and regulatory requirements.

Enquiry data Usually up to 12–24 months after our last interaction.
Newsletter data Until you unsubscribe or we remove inactive contacts.
Client data In line with contractual obligations and local legal requirements (e.g. accounting and tax).

After these periods, data is deleted or anonymised, unless we need it for longer due to an ongoing dispute, investigation or legal obligation.

Criteria used for retention

When determining retention periods, we consider factors such as:

  • The nature and sensitivity of the data.
  • The risk of unauthorised use or disclosure.
  • The purposes for which we process the data.
  • Applicable legal, regulatory or contractual obligations.

Your rights

6. Your data protection rights

Subject to certain conditions and limitations under applicable law, you have the following rights in relation to your personal data.

Right of access

You can request confirmation as to whether we process your personal data and obtain a copy of that data.

Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to erasure

In certain circumstances, you can request that we delete your personal data, for example where it is no longer needed for the purposes for which it was collected.

Right to restriction

You can ask us to restrict the processing of your data in specific cases, for example while we verify its accuracy or assess an objection.

Right to data portability

Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used and machine-readable format.

Right to object

You can object to processing based on legitimate interests, including profiling, and we will stop processing unless we demonstrate compelling legitimate grounds to continue.

Right to withdraw consent

Where processing is based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where you live, work, or where the alleged infringement took place. In Italy, this is the national Data Protection Authority.

To exercise your rights, please contact us at Missaomochilas@gmail.com. We may ask you to provide information to verify your identity before handling your request.

Additional information

7. Children’s data

Our Website and services are intended for adult professionals and business clients. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can delete it where appropriate.

8. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. However, no system can be completely secure, and we cannot guarantee absolute security of data transmitted or stored electronically.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, technologies or legal obligations. The “Last updated” date below indicates when the policy was most recently revised.

We encourage you to review this page periodically to stay informed about how we process personal data.

Last updated: 16 November 2025